Not speaking for the security team, how likely would it be that this was an attack using reused passwords from another website?
How likely, specifically, is it that someone got into one or multiple employee accounts, found the admin console password lying around (or in an onboarding email that wasn't deleted, or in chat logs), and then accessed the internal admin site? The list of what was taken looks like it's straight from what a Support Rep would need to deal with password resets, OTPs, etc.
How likely, specifically, is it that someone got into one or multiple employee accounts, found the admin console password lying around (or in an onboarding email that wasn't deleted, or in chat logs), and then accessed the internal admin site? The list of what was taken looks like it's straight from what a Support Rep would need to deal with password resets, OTPs, etc.